StingRays breach cell phone privacy

INDEPENDENT MEDIA

• What the heck is a StingRay? And what does it have to do with cell phone privacy? You may not be aware that a device named after an unusual sea creature poses a serious threat to your cell phone – but I assure you, it does. A growing concern in the privacy world, the surveillance device nicknamed “StingRay,” technically known as an IMSI catcher (International Mobile Subscriber Identity), is an invasive technology that threatens to undermine the privacy of anyone with a cell phone.

A small device about the size of a briefcase, StingRays are used by some law enforcement agencies to simulate cell phone towers and trick nearby mobile phones into connecting to them and exposing sensitive personal information, including your phone’s location and the recording of incoming and outgoing phone calls. That isn’t bad enough? The StingRay can also intercept your text communications and even extract the encryption keys you use to protect your data.

Incredibly invasive? Yes. But the problem with StingRays doesn’t stop there. They’re not just invasive; they’re also indiscriminate. StingRays use blanket surveillance on everyone in a given geographic location, without any clear targeting.

Are you caught up within the StingRay’s radius? Then your information is being captured. It has nothing to do with any reasonable expectation of guilt – just your geography. Just as a cell phone tower connects with all nearby phones, so does the StingRay. They can be targeted into homes, offices or parks. Wrong place, wrong time? You’re going to be included in the sweep.

This means you don’t have to be the target of an investigation to be spied on. By definition, innocent citizens are inevitably caught up in the StingRay’s dragnet. And perhaps worst of all, you won’t even know you’re a victim.

One of the challenges with StingRays is that there is little information about the full extent to which these devices are currently in use. But we do know they are being used. The NYPD recently revealed these devices have been used over 1,000 times since 2008. Canada’s own RCMP, Ontario Provincial Police and the Vancouver Police Department have all refused to answer requests for information on the subject.

Worse yet, we don’t know how this information is being used, how long it’s stored and what protections are in place to ensure it is not misused. As we increasingly find ourselves under more and more surveillance, with our privacy under attack from what feels like all sides, is all lost? No. We don’t yet know how common StingRay usage is in Canada and we still have a chance to stop this.

Transparency is the first step. We need to know if, when and where these technologies are in use, to be able to demand accountability of our law enforcement agencies. We need to understand the facts to ensure our right to privacy is being protected and that authorities are being held accountable for this type of surveillance.

That’s why at OpenMedia, we’re intervening alongside a number of other pro-privacy organizations at an upcoming case to be heard by the BC Privacy Commissioner. We’re asking the Commissioner to rule that police must come clean about whether, and how often, they use these spying devices. The case will be heard later this month and you can check out our website at openmedia.org or follow us on Facebook for latest developments.

—

Laura Tribe is Digital Rights Specialist for OpenMedia, a community-based organization that safeguards the possibilities of the open Internet